diff --git a/roles/systemd_resolved/handlers/main.yml b/roles/systemd_resolved/handlers/main.yml
new file mode 100644
index 0000000..0bbce3d
--- /dev/null
+++ b/roles/systemd_resolved/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart systemd-resolved
+ ansible.builtin.service:
+ name: systemd-resolved
+ state: restarted
diff --git a/roles/systemd_resolved/tasks/main.yml b/roles/systemd_resolved/tasks/main.yml
new file mode 100644
index 0000000..43371a6
--- /dev/null
+++ b/roles/systemd_resolved/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Install packages
+ ansible.builtin.package:
+ name: systemd-resolved
+ state: installed
+
+- name: Create config directory
+ ansible.builtin.file:
+ path: /etc/systemd/resolved.conf.d
+ state: directory
+ mode: "0755"
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Create config
+ ansible.builtin.template:
+ dest: /etc/systemd/resolved.conf.d/local.conf
+ src: local.conf.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart systemd-resolved
+
+- name: Enable service
+ ansible.builtin.service:
+ name: systemd-resolved
+ state: started
+ enabled: true
diff --git a/roles/systemd_resolved/templates/local.conf.j2 b/roles/systemd_resolved/templates/local.conf.j2
new file mode 100644
index 0000000..23d7dc6
--- /dev/null
+++ b/roles/systemd_resolved/templates/local.conf.j2
@@ -0,0 +1,4 @@
+[Resolve]
+DNS={% for addr in network_dns_servers %}{{ addr }}#{{ lookup('community.general.dig', addr + '/PTR')[:-1] }} {% endfor %}
+
+DNSOverTLS=yes
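Review bot: `state: installed` in the "Install packages" task is not one of the states `ansible.builtin.package` documents itself (`present` and `absent`); other values only work when the underlying package module happens to accept them, so the task may fail on hosts whose backend does not. `state: present` is the portable spelling. Separately, `group: "{{ ansible_wheel }}"` in both file tasks uses a variable that is not defined anywhere in this diff and carries the `ansible_` prefix normally seen on facts; if it is a project variable, a short comment such as `# ansible_wheel: admin group name, set in group_vars` would tell readers where it comes from.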
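Review bot: The certificate name after `#` in the `DNS=` line is taken from a PTR lookup at render time, so the value that `DNSOverTLS=yes` authenticates the server against comes from unauthenticated DNS rather than from configuration. A PTR name is controlled by the reverse-zone owner and need not match the certificate the resolver presents, and a spoofed or changed answer during a playbook run silently changes which name is trusted. The lookup also appears to return the literal string `NXDOMAIN` when no record exists, which `[:-1]` would render as `NXDOMAI`, and several PTR records would likely come back as one comma-joined value. Carrying the TLS name as data next to each address avoids all three, e.g. `DNS={% for s in network_dns_servers %}{{ s.address }}#{{ s.tls_name }} {% endfor %}` with the variable changed to a list of mappings (check other users of `network_dns_servers` first, since they are not visible here).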